Job summary : Describe the main objectives and purpose of the job, why does the job exist? Identify the primary duties and areas of responsibility.
The Compliance Analyst will contribute to the evolution of EY’s Compliance program. The Compliance Analyst is also responsible for the day-to-day activities as they relate to the security compliance program and follow-up activities.
The Compliance Analyst is aligned functionally within the organization and therefore is responsible for advising others on the compliance process and increasing awareness of security within their area of responsibility.
Key responsibilities (analytical / decision making / supervisory) : Describe the tasks and responsibilities typically required in this role and the extent to which decisions might be made which will require interpretation / judgment.
What degree of supervision over others is required in this role?
Conducts security compliance program activities as specified in the information security policy to assess compliance with EY’s policies, standards and procedures
Keeps track of security deficiencies by documenting findings, monitoring the follow-through of the remediation, and validating closure to increase the security maturity of the security program and reduce overall risk
Reports on metrics to gauge effectiveness of the security policy framework and publishes periodic metrics reports
Analyzes the data contained within the compliance system and other security information repositories to identify security trends, root causes and notable risks.
Advises others, helping to enhance and improve their understanding of information security and its importance to EY.
Advises managers and other leaders concerning the overall status of the function’s compliance findings and associated remediation plans and exceptions.
Documents security findings, remediation plans and exception requests in a clear and concise manner
Identifies what is needed to validate remediation has been successful
Analytical / Decision Making Responsibilities :
Demonstrated integrity and judgment, tact and decision making ability within a professional environment
Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario
Ability to appropriately balance firm security needs with business impact & benefit
Ability to recognize patterns in structured and unstructured data and to draw appropriate connections between seemingly disparate pieces of information
Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.
Must be able to work independently and with minimal direct supervision
Knowledge, skills and experience requirements : Describe what is required from the candidate to perform this role (technical, managerial or behavioral) and what is deemed mandatory or optional / considered as an asset. Is flexibility of working hours required, is frequent travel involved?
Maintain awareness of the current security threat landscape
An overall understanding of the business objectives and security challenges within the different Service Lines within the organization
Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
Some programming experience will be beneficial, though not required
Minimum of three years related IT work experience
One or more years of experience in the Information Security field
Experience advising and communicating with clients and vendors in relation to security policies
Demonstrated sound judgment, tact, and decision-making ability
Good management, interpersonal, communication, organizational, and decision-making skills
Ability to understand and integrate cultural differences and motives and to lead cross cultural teams
Strong English language skills, written and verbal, are required
Qualifications, certifications and education requirements : Are there any qualifications, certifications and / or licenses required / beneficial to perform this job?
What is the minimum level of education required / suggested for this role?
Education : A degree in Computer Science or a related discipline, or equivalent work experience
Certification Requirements : Candidates with one of the following or equivalent certifications will be preferred : Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC